Followed Read & Run Me + XP Cleaning Procedure, need help

Discussion in 'Malware Help (A Specialist Will Reply)' started by 2pro4show, Aug 4, 2008.

  1. 2pro4show

    2pro4show Private E-2

    Let me first explain how I got to this point.

    Another user on this PC was attempting to use QuickTax 2007, but once the program was opened, an "Internet Explorer Script Error" pop-up appeared, with all the lines which were supposed to detail the error blank. This also appeared a few times on startup when a Norton AntiVirus subscription reminder would appear (Norton has since been uninstalled). The only way to get rid of this is to press "X" in the window - the "Yes" and "No" buttons do not function. After pressing 'X", the script error dialog pops up again and again, you have to close roughly 20 instances of it before it finally disappears. When this occurred with QuickTax, it wouldn't disappear at all.

    Now, whether this is malware or not, I'm not sure. I did a bit of searching and from what I can understand it may have something to do with IE and ActiveX controls. At the moment, Internet Explorer does not work properly: as soon as it's opened it hogs up all resources and is unresponsive. I have to end the process via Task Manager to get rid of it.

    In light of this, I decided to uninstall Norton & install Comodo Personal Firewall, Comodo BOClean, Comodo AntiVirus, Spybot Search & Destroy with TeaTimer turned off and Spyware Blaster with full protection (this would give me the same setup as on my other computer, which was previously cleaned of malware thanks to this site). Comodo AntiVirus was the only program which had difficulties. It seemed to install just fine and it would open with no problems, but all the buttons wouldn't function. I couldn't switch tabs/settings, run scans, minimize or close the window - basically all functions had no effect. Yet the program itself wasn't unresponsive: I could minimize/close the program by the taskbar and I could open the right-click menu from the tray icon. I made a thread here about that problem, at which point I was directed to this forum.

    Anyhow, whether any of what I've described is malware or not, I thought it best to come here and go through the Read & Run Me and the XP Cleaning Procedure. I ran into one problem: SUPERAntiSpyware's scan ran for about 45 minutes until it stopped at a point in the scan. I left it for another 2 and a half hours, but nothing had changed. I then decided to end the scan by pressing "Next". A dialog popped up and I said "Yes" to ending the scan prematurely. Nothing happened. I waited longer, but still nothing. The cancel and "X" buttons did nothing either. I had to end the process via Task Manager. As a result no log was obtained. Here is a screenshot, just before I ended the process.

    The rest of the scans were fine. Spybot found a bunch of tracking cookies mostly, but it also found instances of "PUPS" (not sure what that is) and 3 Trojans. Here are screenshots of those results: Screen 1 Screen 2. I then pressed "Fix selected problems" and that worked fine.

    For some reason, I'm unable to attach anything to this post (the Manage Attachments button isn't there, I turned off my pop-up/ad blocker and I checked the How To Attach Items To Your Post with no luck). I uploaded the logs elsewhere. Here they are (yellow Download button at the bottom of each page):

    Malwarebytes Anti-Malware log
    ComboFix.txt
    MGlogs.zip

    Finally, just to clarify, my priority right now is to rid this machine of malware. If that involves the "Internet Explorer Script Error" I described, great, otherwise, I'll tackle that problem separately later.

    Thanks.

    [edit by chaslang] Logs attached here for easier and permanent access.
     

    Attached Files:

    Last edited by a moderator: Aug 4, 2008
  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    No, your problems are not due to malware, so you will have to work them in the Software Forum. However, I do have some steps for you to take. They are not directly related to what you are complaining about. They are just leftovers like Norton/Symantec not getting removed properly and other junk.

    Run this Norton Removal Tool (SymNRT) and then reboot!!!! Then run it one more time.


    Run this Disable/Remove Windows Messenger to remove Windows Messenger. Do not confuse Windows Messenger with MSN Messenger because they are not the same. Windows Messenger is a frequent cause of popups.


    Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines (some may be gone already after running the Norton removal) but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
    O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
    O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
    O4 - HKLM\..\Run: [NAV CfgWiz] "C:\Program Files\Norton AntiVirus\CfgWiz.exe" /GUID {0D7956A2-5A08-4ec2-A72C-DF8495A66016} /MODE CfgWiz /CMDLINE "REBOOT"
    O4 - HKLM\..\Run: [MediaGateway] C:\Program Files\MediaGateway\MediaGateway.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O16 - DPF: {CAFEEFAC-0014-0000-0001-ABCDEFFEDCBA} (Java Runtime Environment 1.4.0_01) -

    After clicking Fix, exit HJT.


    Now copy the bold text below to notepad. Save it as fixme.reg to your desktop. Be sure the "Save as" type is set to "all files". Once you have saved it, double click it and allow it to merge with the registry.
    Make sure that you tell me if you receive a success message about adding the above to the registry. If you do not get a success message, it definitely did not work.


    Now run Ccleaner!

    Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator).

    Then attach the below log:
    • C:\MGlogs.zip
    Make sure you tell me how things are working now!
     
    Last edited: Aug 4, 2008
  3. 2pro4show

    2pro4show Private E-2

    I couldn't find the following entries in the HijackThis:

    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
    O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
    O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
    O4 - HKLM\..\Run: [NAV CfgWiz] "C:\Program Files\Norton AntiVirus\CfgWiz.exe" /GUID {0D7956A2-5A08-4ec2-A72C-DF8495A66016} /MODE CfgWiz /CMDLINE "REBOOT"
    O4 - HKLM\..\Run: [MediaGateway] C:\Program Files\MediaGateway\MediaGateway.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

    The other 3 entries you specified were found and fixed.

    I received a success message about adding the information you supplied to the registry.

    Attached is the log from MGtools.

    Thanks.
     

    Attached Files:

  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    A service from Norton still did not get removed. Do the below.

    • Click on Start, then Run ... type services.msc into the box that opens up, and press 'OK'.
    • On the page that opens, scroll down to Norton LiveConnect Service
    • then right click the entry, select Properties and press Stop Service.
    • When it shows that it is stopped, next please set the Start-up Type to 'Disabled'.
    • Click OK until you get back to Windows.
    • Next, run C:\MGtools\analyse.exe which is really HijackThis, but instead of scanning, click on the None of the above, just start the program button at the bottom of the choices.
    • At the lower right, click on the Config button
    • Then click the Misc tools button
    • Select Delete an NT Service
    • Copy/paste Norton LiveConnect Service into the box that opens, and press OK
    • If you receive any error messages just ignore them and continue.
    • Now exit HJT and then reboot when it tells you it needs to.

    Other than the above we are finished. If you are not having any other malware problems, it is time to do our final steps:
    1. You can uninstall SUPERAntiSpyware now.
    2. We recommend you keep Malwarebytes Anti-Malware as a scanner. It uses no resources except a little disk space until you run a scan.
    3. If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)
      • Click START then RUN and enter the below into the run box and then click OK. Note the quotes are required
      • "%userprofile%\Desktop\combofix" /u
        • Note: the space between combofix" and /u must be there.
        • This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.
      • Delete the C:\combo-fix folder from combofix.
    4. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
    5. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
    6. If running Vista, it is time to make sure you have re-enabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    7. Go to add/remove programs and uninstall HijackThis.
    8. You can delete the C:\MGtools folder and the C:\MGtools.exe file. You can also delete the C:\MGlogs.zip
    9. If you are running Vista, Windows XP or Windows ME, do the below:
      • Refer to the cleaning steps in the READ ME for your Windows version and see the steps to Disable System Restore which will flush your Restore Points.
      • Then reboot and Enable System Restore to create a new clean Restore Point.
    10. After doing the above, you should work thru the below link:
     
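As an added example (not from the thread, HijackThis or any of the MajorGeeks tools), here is a read-only PowerShell audit of the two places chaslang's steps above touch: Run-key autostart entries whose executable is no longer on disk (the "(no file)" leftovers listed in post 2) and installed services whose binary is missing (the leftover Norton LiveConnect Service in post 4). It assumes Windows PowerShell run elevated; the function names are the example's own.

```powershell
# Added example: report (never delete) autostart entries and services whose
# target executable is gone, i.e. remnants of an incomplete uninstall.
# Assumes Windows PowerShell; on PowerShell 7 swap Get-WmiObject for Get-CimInstance.

function Get-ExecutablePath {
    param([string]$CommandLine)
    # Take the text up to the first ".exe" (quoted or not, spaces allowed), else the first token.
    if ($CommandLine -match '^\s*"?(?<exe>[^"]*?\.exe)') { $exe = $Matches['exe'] }
    else { $exe = ($CommandLine.Trim() -split '\s+')[0].Trim('"') }
    return [Environment]::ExpandEnvironmentVariables($exe)
}

function Test-TargetExists {
    param([string]$Exe)
    if ($Exe -notmatch '[\\/]') {
        # Bare name (e.g. rundll32.exe): resolve through PATH rather than the current directory.
        return [bool](Get-Command $Exe -ErrorAction SilentlyContinue)
    }
    return Test-Path -LiteralPath $Exe
}

$metaProps = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'
$runKeys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'

"== Run-key entries whose executable is missing =="
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    foreach ($p in (Get-ItemProperty -Path $key).PSObject.Properties) {
        if ($metaProps -contains $p.Name) { continue }   # skip provider metadata
        $exe = Get-ExecutablePath ([string]$p.Value)
        if (-not (Test-TargetExists $exe)) {
            "{0}\{1} -> {2}`n    missing: {3}" -f $key, $p.Name, $p.Value, $exe
        }
    }
}

"== Services whose binary is missing =="
Get-WmiObject Win32_Service | ForEach-Object {
    if (-not $_.PathName) { return }
    $exe = Get-ExecutablePath $_.PathName
    if (-not (Test-TargetExists $exe)) {
        "{0} [{1}, {2}] -> {3}" -f $_.Name, $_.State, $_.StartMode, $_.PathName
    }
}
```

Anything it lists is a candidate for the HijackThis fix or the Delete an NT Service step described above, not an automatic removal; confirm each entry before acting on it.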
  5. 2pro4show

    2pro4show Private E-2

    Ok. I followed all instructions with no problems.

    Thank you, again, for all the help. Much appreciated.

    I have to ask though, are you sure the "Internet Explorer Script Error" isn't due to malware? The more things I do on the computer the more places I find it. It popped up when I ran "services.msc" like you told me to. It happens when QuickTax is loaded as I already stated. If it isn't malware, do you have any idea what it could be/how to get rid of it?

    Thank you again.
     
  6. 2pro4show

    2pro4show Private E-2

    I have something new to report. This happened just now.

    Under a different User Account than the one I used to clean the computer of malware, whenever Microsoft Word or Windows Live Messenger is opened a Windows Installer pops up to install the software... even though it's already installed. Sometimes a "Copying..." dialog box also pops up (the sort of thing that would appear when copying a large file from one directory on a computer to another), apparently copies files and then disappears rapidly. After canceling the Windows Installer, the program loads and seems to run normally. I haven't tried opening either program on the User Account I used to rid the computer of malware yet.

    Have we done anything to cause this? Is it malware? If not, do you know the problem or solution?
     
  7. 2pro4show

    2pro4show Private E-2

    Ok, I think I was a bit hasty in my assumptions. It doesn't look like malware to me. I let the Windows Installer for Windows Live Messenger run and I don't get a pop up for it anymore. On the Microsoft Word 2003 pop up however, it displays this error message: "A required installation file SKU112.CAB could not be found.", at which point it prompts me for my CD to install Word instead (even though Word is already installed - canceling the installation makes Word open and run as usual). Cancelling the install from this step gives me the following: "Error 25090. Office Setup encountered a problem with the Office Source Engine, system error -2147023179. Please open C:\Program Files\Microsoft Office\OFFICE\1033\SETUP.CHM and look for "Office Source Engine" for information on how to resolve this problem."

    The "Internet Explorer Script Error" messages are still appearing however, and Internet Explorer is still unresponsive and unusable.

    My apologies for the triple post. I would've edited this into the last post but was too slow.

    Thank you for all the help. I hope I'm not being too much of an annoyance. ;)
     
    Last edited: Aug 5, 2008
  8. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    It is not malware. I suggest you look at the below and also post in the Software Forum if necessary:

    http://support.microsoft.com/kb/308260
     
